-
-
Notifications
You must be signed in to change notification settings - Fork 2
vmoduser.1
vmoduser - Modify virtual user attributes
vmoduser* [options*] email_addr
vmoduser modifies attributes of an email account by modifying fields in the authentication tables indimail or indibak. vmoduser has setuid bit set and can be run by the root user, by user having uid/gid of the domain in /etc/indimail/users/assign or if the user has the gid of the domain as a supplementary group. For the -q and -l options, vmoduser is executed with root privileges.
If the environment variable POST_HANDLE is set, vmoduser executes the program defined by the POST_HANDLE environment variable with the uid/gid of the domain in /etc/indimail/users/assign. If POST_HANDLE is not defined, the program /usr/libexec/indimail/vmoduser will be executed. For the -l option, POST_HANDLE is not executed at all. The POST_HANDLE program is passed the same command line arguments as passed to vmoduser. The POST_HANDLE program is executed as the last step after all earlier steps have been successful.
-v
Sets verbose mode
-n
Toggles between Inactive and Active state for the user i.e. Moves the
user between indimail and indibak
-q quota
Changes the quota for the user. Changes the field pw_shell in indimail
or indibak. You can also use +quota to increase the existing quota by
amount specified by quota. You can also use -quota to decrease the
existing quota by amount specified by quota. You can use k/K, m/M, g/G
for kibibytes, mebibytes and gibibytes respectively, when specifying a
value for quota.
If the domain has domain limits set using vlimit(1), then domain limits apply. Also, this option will not be allowed if permission for modifying quota is disabled in domain limits.
-c comment
Changes the gecos (comment) field for the user. Changes the field
pw_gecos in indimail or indibak.
-P clear_text
Sets an encrypted password for the user after encrypting the clear text
password given on the command line. Changes the field pw_passwd in
indimail or indibak. Changes the pw_passwd field in indimail/indibak
tables.
-e
Changes the passwd for the user as given after '-P' argument
(without performing any encryption). It is expected to supply a crypted
password using crypt(3) library call. You can use this to set clear-text
password for CRAM/SCRAM methods. Changes the pw_passwd field in
indimail/indibak tables.
-h hash
Specify hash which is one of DES, MD5, SHA-256, SHA-512. Here ID is
the id in /etc/shadow. See incrypt(1).
| HASH ID Description | |
|---|---|
| DES - DES encryption (shouldn't be used) | |
| MD5 1 MD5 encryption (shouldn't be used) | |
| SHA-256 5 SHA256 encryption | |
| SHA-512 6 SHA512 encryption |
You can also set the environment variable PASSWORD_HASH to set the encryption method. The -h argument overrides the environment variable PASSWORD_HASH. The value of PASSWORD_HASH environment variable identifies the encryption method used and this then determines how the rest of the password string is interpreted. The following values of PASSWORD_HASH are supported:
PASSWORD_HASH Value Description
0 DES encryption (shouldn't be used)
1 MD5 encryption (shouldn't be used)
2 SHA256 encryption
3 SHA512 encryption
-m SCRAM_method
Sets the CRAM or SCRAM method for encryption. This will set SCRAM
password in the scram field in indimail/indibak tables. For CRAM
method, it will set clear text password when -C option is specified.
CRAM/SCRAM method Description
----------------- -----------
CRAM Sets clear text password suitable for any
CRAM method (CRAM-MD5, CRAM-SHA1, ...)
SCRAM-SHA-1 SHA1 encryption suitable for SCRAM-SHA-1.
SCRAM-SHA-256 SHA256 encryption suitable for SCRAM-SHA-256.
-C
Sets up authentication suitable for CRAM-MD5, CRAM-SHA1, CRAM-SHA224,
CRAM-SHA256, CRAM-SHA384, CRAM-SHA512, CRAM-RIPEMD and DIGEST-MD5
methods. This works by storing the clear text credentials in the
database. if the -m option is selected, this will additionally store a
hex-encoded salted password for SCRAM methods, which can be used instead
of clear text passwords by clients (for SCRAM authentication).
-S salt
Specify a base64 encoded salt to be used when generating SCRAM password.
If not specified, this will be generated using libsodium/gsasl.
-I iteration
Specify the iteration count to be used when generating SCRAM password.
The default is 4096.
-D date_format
Delivery to a date folder instead of Maildir (Inbox) as per format
specification date_format. vdelivermail(8) uses strftime(3) to
process the date format. This format is maintained in the file
folder.dateformat in user's Maildir.
The format %b-%Y will cause emails to be delivered to Apr-2014 if the
delivery date happens to be anytime in Apr 2014
-l vacation_messsage_file
Sets up autoresponder for the user. It creates .qmail file in user's
homedir containing path to the autoresponder program vacation. If
vacation_message_file is specified as '-', autoresponder is removed.
If it is specified as '+', the text for autoresponder is taken from
STDIN. Any other value is taken as a file containing text for the
autoresponder.
The following options are bit flags in the gid int field. (pw_gid in indimail or indibak)
-t
Toggle the bit flags in the gid int field
-u
Set no dialup flag.
-d
Set no password changing flag for the user
-p
Set no POP3 access flag.
-w
Set no web mail access flag.
-i
Set no IMAP4 access flag.
-b
Set bounce mail flag.
-r
Set no external relay flag.
-a
Grant administrator privileges.
-0
Reserved for future use.
-1
Reserved for future use.
-2
Reserved for future use.
-3
Reserved for future use.
**-x **
Clear all flags
The values of pw_gid corresponding to the above options are as below.
Option Value
NO_PASSWD_CHNG 0x01
NO_POP 0x02
NO_WEBMAIL 0x04
NO_IMAP 0x08
BOUNCE_MAIL 0x10
NO_RELAY 0x20
NO_DIALUP 0x40
QA_ADMIN 0x80
V_OVERRIDE 0x100
NO_SMTP 0x200
V_USER0 0x400
V_USER1 0x800
V_USER2 0x1000
V_USER3 0x2000
0 in case of success and non-zero in case of any failure.
vsetuserquota(1), vpasswd(1), vlimit(1), resetquota(8), vdelivermail(8), strftime(3) incrypt(1), crypt(3) gsasl(1)